A widespread phishing campaign targeting the hospitality industry uses spear-phishing emails impersonating Booking.com to infect hotel systems with PureRAT malware, stealing credentials and personal data. The campaign has been active since April 2025, combining sophisticated social engineering tactics with marketplaces for stolen Booking.com logs. #PureRAT #Booking.com #Expedia #LolzTeam
Key points
- The campaign uses compromised email accounts to send malicious spear-phishing emails to hotels.
- Victims are redirected to ClickFix pages that deploy PureRAT malware for remote access and data theft.
- Threat actors target booking platform accounts and sell stolen credentials on cybercrime forums.
- Hotel customers are also targeted with fake reservation verification links to steal banking information.
- The cybercrime operation has become more sophisticated, integrating social engineering updates and marketplace activity.
Read More: https://thehackernews.com/2025/11/large-scale-clickfix-phishing-attacks.html